South Korea’s privacy watchdog has handed financial penalties to the Korea Accreditation Board (KAB) and Telus International AI for failing to put in place basic safeguards to protect personal data, following significant breaches tied to long-known security vulnerabilities.
Tech companies love to talk about safety, but Ofcom isn’t buying the press releases. On Monday, the UK’s media and communications regulator released a fresh batch of proposals under the Online Safety Act, this time urging platforms to stop turning a blind eye to how fast harm can spread and who it hurts most.
Denmark’s data protection authority, Datatilsynet, has released its 2024 annual report, spotlighting a year defined by record case volumes, deepened international collaboration, and a proactive push into fast-evolving areas like artificial intelligence and children’s online safety.
The EU Agency for Cybersecurity (ENISA) has issued its first technical guidance to help digital infrastructure and managed service providers implement the cybersecurity measures required under the EU’s new NIS2 Implementing Regulation. The non-binding guidance aims to make compliance with the NIS2 Directive’s technical and methodological requirements more practical, consistent, and achievable for companies operating in critical sectors across the EU.
A federal judge has given the green light to a proposed $177 million settlement in a consolidated class action lawsuit against AT&T, stemming from two massive data breaches that exposed the personal information of tens of millions of customers. The preliminary approval, issued by Judge Ada Brown of the U.S. District Court for the Northern District of Texas, clears the way for a final settlement hearing set for December 3, 2025.
When the General Data Protection Regulation (GDPR) first came into force, companies braced for a regulatory storm, such as sweeping data rules, compliance headaches, and steep fines. What many didn’t expect? A surprising upside of fewer cyberattacks, better security, and billions saved.
The UK’s data protection regime has just undergone its biggest recalibration since Brexit. On June 19, 2025, the Data (Use and Access) Act (DUAA) received Royal Assent, introducing a suite of reforms aimed at modernizing how organizations collect, use, and share personal information. But unlike GDPR’s transformative shake-up in 2018, this legislation is more evolutionary than revolutionary, nudging UK data protection in a direction that’s lighter on red tape, but still recognizably rights-driven.